Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Allow the session to be skipped. #277

Merged
merged 1 commit into from

2 participants

José Valim Konstantin Haase
José Valim
Owner

This will not send a cookie back nor change the session state.

The :defer option did not send the cookie back but did change the session
state in the backend.

This is useful for assets requests that still go through the rack stack
but do not want to cause any change in the session (for example accidentally expiring flash messages).

José Valim josevalim Allow the session to be skipped.
This will not send a cookie back nor change the session state.

The :defer option did not send the cookie back but did change the session
state in the backend.

This is useful for assets requests that still go through the rack stack
but do not want to cause any change in the session (for example accidentally expiring flash messages).
8f9419d
Konstantin Haase rkh merged commit ccb3275 into from
Ketan Padegaonkar ketan referenced this pull request from a commit
Commit has since been removed from the repository and is no longer available.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Nov 30, 2011
  1. José Valim

    Allow the session to be skipped.

    josevalim authored
    This will not send a cookie back nor change the session state.
    
    The :defer option did not send the cookie back but did change the session
    state in the backend.
    
    This is useful for assets requests that still go through the rack stack
    but do not want to cause any change in the session (for example accidentally expiring flash messages).
This page is out of date. Refresh to see the latest.
Showing with 46 additions and 5 deletions.
  1. +15 −4 lib/rack/session/abstract/id.rb
  2. +31 −1 test/spec_session_memcache.rb
19 lib/rack/session/abstract/id.rb
View
@@ -144,7 +144,9 @@ def stringify_keys(other)
# 'rack.session'
# * :path, :domain, :expire_after, :secure, and :httponly set the related
# cookie options as by Rack::Response#add_cookie
- # * :defer will not set a cookie in the response.
+ # * :skip will not a set a cookie in the response nor update the session state
+ # * :defer will not set a cookie in the response but still update the session
+ # state if it is used with a backend
# * :renew (implementation dependent) will prompt the generation of a new
# session id, and migration of data to be referenced at the new id. If
# :defer is set, it will be overridden and the cookie will be set.
@@ -260,21 +262,30 @@ def session_exists?(env)
end
# Session should be commited if it was loaded, any of specific options like :renew, :drop
- # or :expire_after was given and the security permissions match.
+ # or :expire_after was given and the security permissions match. Skips if skip is given.
def commit_session?(env, session, options)
- (loaded_session?(session) || (force_options?(options) && session && !session.empty?)) && secure_session?(env, options)
+ if options[:skip]
+ false
+ else
+ has_session = loaded_session?(session) || forced_session_update?(session, options)
+ has_session && security_matches?(env, options)
+ end
end
def loaded_session?(session)
!session.is_a?(SessionHash) || session.loaded?
end
+ def forced_session_update?(session, options)
+ force_options?(options) && session && !session.empty?
+ end
+
def force_options?(options)
options.values_at(:renew, :drop, :defer, :expire_after).any?
end
- def secure_session?(env, options)
+ def security_matches?(env, options)
return true unless options[:secure]
request = Rack::Request.new(env)
request.ssl?
32 test/spec_session_memcache.rb
View
@@ -23,6 +23,10 @@
env['rack.session.options'][:defer] = true
incrementor.call(env)
end
+ skip_session = proc do |env|
+ env['rack.session.options'][:skip] = true
+ incrementor.call(env)
+ end
# test memcache connection
Rack::Session::Memcache.new(incrementor)
@@ -168,14 +172,40 @@
res4.body.should.equal '{"counter"=>1}'
end
- it "omits cookie with :defer option" do
+ it "omits cookie with :defer option but still updates the state" do
pool = Rack::Session::Memcache.new(incrementor)
+ count = Rack::Utils::Context.new(pool, incrementor)
defer = Rack::Utils::Context.new(pool, defer_session)
dreq = Rack::MockRequest.new(defer)
+ creq = Rack::MockRequest.new(count)
res0 = dreq.get("/")
res0["Set-Cookie"].should.equal nil
res0.body.should.equal '{"counter"=>1}'
+
+ res0 = creq.get("/")
+ res1 = dreq.get("/", "HTTP_COOKIE" => res0["Set-Cookie"])
+ res1.body.should.equal '{"counter"=>2}'
+ res2 = dreq.get("/", "HTTP_COOKIE" => res0["Set-Cookie"])
+ res2.body.should.equal '{"counter"=>3}'
+ end
+
+ it "omits cookie and state update with :skip option" do
+ pool = Rack::Session::Memcache.new(incrementor)
+ count = Rack::Utils::Context.new(pool, incrementor)
+ skip = Rack::Utils::Context.new(pool, skip_session)
+ sreq = Rack::MockRequest.new(skip)
+ creq = Rack::MockRequest.new(count)
+
+ res0 = sreq.get("/")
+ res0["Set-Cookie"].should.equal nil
+ res0.body.should.equal '{"counter"=>1}'
+
+ res0 = creq.get("/")
+ res1 = sreq.get("/", "HTTP_COOKIE" => res0["Set-Cookie"])
+ res1.body.should.equal '{"counter"=>2}'
+ res2 = sreq.get("/", "HTTP_COOKIE" => res0["Set-Cookie"])
+ res2.body.should.equal '{"counter"=>2}'
end
it "updates deep hashes correctly" do
Something went wrong with that request. Please try again.